Microsoft To Hunt For New Species Of Windows Bug

Joris Evers of writes:

Microsoft plans to scour its code to look for flaws similar to a recent serious Windows bug and to update its development practices to prevent similar problems in future products.

The critical flaw, in the way Windows Meta File images are handled, is different than any security vulnerability the software maker has dealt with in the past, Kevin Kean and Debby Fry Wilson, directors in Microsoft’s Security Response Center, said in an interview with CNET Typical flaws are unforeseen gaps in programs that hackers can take advantage of and run code. By contrast, the WMF problem lies in a software feature being used in an unintended way.

Continue reading “Microsoft To Hunt For New Species Of Windows Bug”

Microsoft Pushes WMF Patch Early

It’s available on Windows Update now – I just updated five computers. Joris Evers of ZD writes:

Microsoft released a fix for a serious security vulnerability in Windows on Thursday, several days before the patch’s scheduled delivery.

The company is breaking with its monthly patch cycle because it completed testing of the security update earlier than it anticipated, it said in a note on its Web site. “In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible,” the company said.

Continue reading “Microsoft Pushes WMF Patch Early”

New Zero Day Exploit Seen In The Wild

This is another report on the Windows vulnerability I posted a bit earlier. Suzi Turner of writes:

…Sunbelt researchers have collected more than 50 variants of the WindowsMetafiles (WMF) and documented a number of domains running this exploit. Email, blog talkbacks, guestbook links, all could be used to spread this infection. In fact, I know someone who got infected by clicking on a user’s homepage link at a forum.
Continue reading “New Zero Day Exploit Seen In The Wild”